[AdmiralAsshat]

Admittedly I didn't read the whitepaper, but the CVEs that were mentioned on the page summary sounded like your run-of-the-mill stack overflow or string vulnerabilities. So yes, the end result might be the same (i.e. remote takeover), but I would hesitate to call them backdoors unless it was demonstrated that this vulnerability was intentionally known or left unfixed for the purposes of being abused by parties in the know.

[simion314]

The idea if the same bug was in a Chinese product the title would have been "backdoor injected" ... see yesterday and recent articles on HN.

[IAmEveryone]

I searched and only found something about a vulnerability in "HiSilicone" hardware mentioned yesterday.

That article mentions a pre-installed telnet server including accounts that can be started with the right command send over TCP. Whereas here, it's apparently a typical buffer overflow resulting in arbitrary (but BYOT (bring your own Telnet)) code execution.

Sure, maybe Cisco is just better at disguising their backdoors for plausible deniability. But with what's known, intent seems far more likely in yesterday's case than this.

[simion314]

The article title was different initially and was something that included backdoor,injected,Huawei(was no direct relation with Huawei). There were also many similar reports about US routes and IOT having default passwords or easy to guess passwords but each time the stupidity is assumed. Also the Windows "NSA key" article and comments were very convincing that for sure it was nothing evil and was never used anyway.

[trasz]

A Telnet server is way too obvious for a backdoor. It’s more of a leftover debug feature.